Virtualization provides near absolute security - DOM0 is not visible to
the user at all, only passing network traffic and handling kernel calls.
The security comes about in that each DOMU is totally isolated from the
the others, while the core DOM0 is isolated from any attacks.
There is also a big benefit when maintaing VM images - restoring a VM in
the case of corruption/attach/whatever is as simple as reloading a copy of
that image and connecting to system data on the local SAN.
Irrespective of the guest OS, there is good security between the
virtualized machines. Running OBSD as the guest OS provides the best of
both worlds, and it would be great if OBSD would run paravirtualized for
the best performance, but apparently nobody has a need for that
functionality.
Nobpdy has to write any code to understand that - the secuity benefits
are ovbious to everyone from the PHBs to the admins. Of course, this is
most obvious in 'enterprise space', which is pretty far removed from the
typical OBSD world.
Lee
================================================
Leland V. Lammert lvl@omnitec.net
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
================================================
